Since computer networks have emerged as a medium for conducting electronic commerce and other types of transactions, there has always been a need for maintaining the integrity and validity of these transactions. However, conventional computer networks provide an environment which is fraught with security breaches that will allow hackers to compromise the integrity and validity of such transactions.
Conventional computer networks, such as a local area network, a wide area network and/or a public network (e.g. the Internet), link personal computers and workstations to one or more servers and to each other. This environment permits computer users to interact with the servers or with each other. Transactions between computer users or between computer users and servers are processed using applications which are executed on conventional operating system platforms such as OS/2.RTM., Windows.RTM., UNIXC.RTM. etc. These transactions include high value electronic commerce and other private transactions which use confidential or sensitive data such as bank, credit and debit accounts information.
However, computer hackers can "invade" data resident on computer disk and in memory as well as data associated with real time processing. Therefore, any data, sensitive or otherwise, passing through or stored in the computers can be compromised by hackers or intruders that can gain access to it via the computer network. Moreover, even if the sensitive data were to be encrypted, other sensitive data inside the computers may be susceptible to attack when, for example, the computer systems download and execute rogue programs. A rogue program allows hackers to surreptitiously capture the computer users' name, home address, E-mail address etc. without being noticed. Computer hackers can then use the sensitive data to impersonate the computer users and thereby perform fraudulent transactions.
In this environment secure transactions become very difficult. As a result, conventional computer systems now use smart cards for secure transactions. A conventional smart card with considerable built-in functionality includes an 8 bit microcontroller, a read only memory (ROM), an EEPROM (electronically erasable programmable ROM), a random access memory (RAM), and other optional peripheral devices, e.g., cryptographic unit. The EEPROM holds the sensitive data which is personal to the individual smart card holder, the ROM holds a transaction application program code, and the RAM holds temporary variables. In the cryptographic unit, which can be a multiplexer or other cryptography engine, the sensitive data is encrypted.
Smart cards vary in level of their built-in functionality which includes storage and processing of sensitive data. The sensitive data is provided to smart cards instead of the computer disk or memory in order to protect it against unauthorized access. Thus, smart cards can replace the computers in storing and processing of the sensitive data.
It is noted that if smart cards were to include a complete built-in functionality which would preclude any processing of sensitive data in the conventional computer system, these smart cards would provide an adequate security environment for electronic transactions. However, the more built-in functionality the more expensive the smart cards becomes. Notwithstanding the cost, implementation of the built-in functionality is limited by physical constraints of smart cards.
Typically, a die size of 5 mm.times.5 mm would be used to implement the built-in functionality of smart cards because a larger die size would degrade the ability to connect to them. Also, the chips embedded in smart cards can crack more easily because the smart cards are typically stored in physical wallets which are put in back pockets. Furthermore, the ISO7816 standard, which is an industry standard for smart cards, imposes a bending limitation on smart cards. Since a larger die cannot bend the smart cards must be small. Finally, the current capacity of smart cards is 50-100 mA. By comparison, a typical processor with extensive built-in functionality has a current capacity 40 times higher. Therefore, including complete built-in functionality in smart cards is not feasible.
As a result, at least some processing of the sensitive data must be performed in the conventional computer system in a non-secure manner. The sensitive data remains resident on a smart card until it is needed by the computer for processing. Once it is read from the smart card and transferred for processing to the computer the sensitive data becomes vulnerable to unauthorized access. Therefore, the use of smart cards with conventional computer systems does not entirely solve the problem of providing a secure environment for conducting electronic transactions.
This problem is compounded when, in conventional computer systems, sensitive data is entered on a keyboard and transferred to the computer for processing. For example, personal identification numbers (PIN), typically used for unlocking private or limited access accounts, can be stolen once they are entered on the keyboard by the computer user.
Furthermore, access to display controllers of computers permits rogue programs or viruses to produce erroneous or falsified displays which replace or conceal material information such as transaction values. As a result, fraudulent transactions can remain undetected. Also, when the display is compromised one or more of the transacting parties have inconsistent misleading displays. The inconsistency of the displays can give rise to claims that there was no meeting of the minds, and that the transactions are therefore invalid and unenforceable. As a consequence, such transactions can be easily repudiated by one or more of the transacting parties.
Therefore, conventional systems utilizing smart cards fail to provide real secure transactions. Moreover, in this environment it can be difficult to authenticate transactions for the purpose of enforcing them as valid agreements between the transacting parties. For example, individuals who change their minds after concluding the transactions can repudiate the transactions by claiming that a security breach allowed hackers to transact in their place. Without proof that the repudiating party participated in the particular transaction(s), the other transacting parties are left without recourse.
Therefore, what is needed is a system which provides a secure environment for electronic commerce and other types of confidential transactions. The system is also needed in order to allow transactions with smart cards including smart cards having less than a complete built-in functionality. The system is further needed in order to reduce the cost of the smart cards and, in turn the overall cost of the system. The system is additionally needed to allow uncompromised acknowledgment and authentication of the transactions. Finally, the system needs to be easily implemented with existing technology. The present invention provides a method and system for addressing the foregoing problems.